US9122889B2ActiveUtilityA1

Managing access to class objects in a system utilizing a role-based access control framework

53
Assignee: IBMPriority: Oct 17, 2012Filed: Nov 12, 2013Granted: Sep 1, 2015
Est. expiryOct 17, 2032(~6.3 yrs left)· nominal 20-yr term from priority
G06F 21/6281
53
PatentIndex Score
0
Cited by
16
References
5
Claims

Abstract

According to one aspect of the present disclosure, a method and technique for managing access to application-based objects in a system utilizing a role-based access control framework is disclosed. The method includes: determining, for each object class of an application, a privilege needed for invoking a privileged operation associated with the object class; creating a privilege shell for a user running the application; setting the determined privilege on the privilege shell; associating an authorization to the privilege shell; and invoking the privilege shell to run the application by the user.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method for managing access to class objects in a system utilizing a role-based access control framework, comprising:
 determining, for each object class of an application, a privilege needed for invoking a privileged operation associated with the object class; 
 for a plurality of users running the application where the users utilize different functions of the application, determining the object classes of the application for each function of the application utilized by each respective user; 
 creating a privilege shell for each user; 
 setting the determined privileges on the respective privilege shells based on the function utilized by the respective users; 
 associating an authorization to each respective privilege shell; and 
 invoking the respective privilege shell to run the application by the respective user. 
 
     
     
       2. The method of  claim 1 , further comprising:
 assigning the authorization to a role; and 
 assigning the role to the respective user. 
 
     
     
       3. The method of  claim 1 , further comprising hard-linking the respective privilege shell to a base shell for the respective user. 
     
     
       4. The method of  claim 1 , further comprising:
 creating a role based on the function of the application invoked by the respective user based on the object class; and 
 assigning the role to the respective user. 
 
     
     
       5. The method of  claim 4 , further comprising:
 creating the authorization based on the function of the application; and 
 including the authorization in the role.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.